Archive
Monthly Archives: September 2016

When it comes to protecting your company’s network, there are a lot of questions you need to ask yourself. What type of approach is right for your company? Should you choose the hands-on IT management, or the remote and resourceful vendor management?

The two are very different, and depending on various factors, like the size of your company or what kind of company you have (like e-commerce), makes a difference as to which type of management will be right for you.

If you’re having trouble deciding, then this is what you’ll need to look at.

What’s the Difference?

IT management is a type of network management that’s in the hands of one individual, or in some cases, an IT team. It’s the actual management of network resources, including, but not limited to, patch management, service pack updates, or just any quick adjustments that need to be done. Their expertise is more general.

Vendor management, on the other hand, happens remotely. The vendor is managing and monitoring your backups, mobile devices, and your security. The vendor has all the resources beside them to deal with a whole array of network issues. They are able to do this because they know the specific products and networks they are dealing with and can leverage them effectively.

Which Type is Better for Which Company?

IT Management

IT management is hands on and it usually involves one IT person at a company. In IT management, your network resources are being managed as best as they can. When those are confirmed to be working well, then business should run smoothly. An IT person checks on your software, your firewalls, your devices, and any other type of network resources your company is currently using, to make sure they’re working correctly.

If you are a small company or you’re just starting out, then IT management is a good way to go. It’s best for companies that just want to be sure everything is working how it should be; that nothing gets in the way of you interacting with your customers or managing your website.

Vendor Management

Vendor management is essentially when your management is outsourced to one person or group who can help you remotely. A vendor typically has better resources than your company’s IT management, simply because this is what they specialize in. They are therefore able to manage each thing in your company that needs to be managed, one at a time, and with precision. They can do what they need to do from the back-end, without interrupting your flow of business.

Vendor management is, therefore, better for small and medium sized companies, if they are able to switch over.

Make Your Choice

Still not convinced?

We are. Having a vendor to manage your network is just more reliable and consistent than a single IT person. While having an IT person around is certainly a nice thing, as companies grow, they simply can’t manage it all alone. With vendor management, you simply won’t have to worry because they have EVERYTHING covered.

SMBs should not have to experience downtime if they simply implement a business disaster and recovery solution before downtime occurs, so that they can restore essential data quickly and painlessly, and resume normal business operations. Consider CloudEndure’s 2016 Disaster Recovery Survey.

Here are four things to know about downtime:

Downtime can happen more often than you think. This chart shows that 57 percent of companies have experienced a downtime event within the past three months or earlier! With a reliable backup and disaster recovery (BDR) solution in place, you can mitigate the damage when problems do arise. Make sure your BDR is able to provide a quick recovery and optimal recovery point, with troubleshooting on the issues to prevent them from occurring again.

Not only does downtime happen more frequently than you think, it’s also one of the biggest IT expenses a business can face.

A well-known fact of modern business is that backups fail – and when they do, you are unable to access any file changes or data created after the last successful backup. That can be very problematic for your business, especially if you rely on critical data in your daily operations. Your BDR solution needs to be backed by round-the-clock support. As such, you need regular backups – and verify their viability through backup tests – as frequently as your business or organization demands. As a result, you can focus on growing your business without worrying if you’ll be able to access critical files, or if you’ll have data in its most recent form.

Only 6 percent of businesses have never experienced a downtime event. As a business owner, you don’t necessarily have time to worry about when downtime will strike or the safety of your network – nor should you have to. That’s why you should seek 24x7x365 support for complete peace of mind with a reliable BDR solution. Get business continuity solution to act as your safety net so that if you’re a part of the 94 percent who do experience downtime, you won’t have to worry about it having negative, long-term effects on your business.

Ransomware can happen to anyone, though many people tend to think it will never happen to them. Unfortunately, if you fall victim to ransomware, you could end up paying a hefty amount; a ransom, to get back your files. Ransomware occurs when someone hacks your system, corrupts your files, and asks for at least $500 in bitcoin. In case you don’t know, bitcoins are not an easy thing to get your hands on.

For those who have the money to pay up, maybe ransomware is not such a problem for you. But, for most people, ransomware can be a very scary thing to have to face.

Luckily, there are solutions when it comes to fighting off ransomware, but it all starts with you. If you want to make sure this cyber-kidnapping doesn’t ruin your network, then here’s what you can do.

Be Careful with Who You Trust

This goes without saying. If you see an email or something suspicious on your system, don’t click on it. Delete it, and if possible, advise your IT person or CIO about what you saw.

Know What You Need to Protect

As with any form of cyber security, it’s essential you know what it is that you need to protect from potential ransomware. Do you have customer credit card information? Intellectual property? A list of email addresses of potential leads? Decide what it is you need to protect and make sure everyone who’s dealing with it is aware as well.

Backup Your Information Regularly

This is the most important thing you can to do when it comes to protecting yourself from ransomware. The people behind these attacks will take your files, lock them, and only give them back to you once you pay.

Therefore, in order to always be prepared for a ransomware attack, it’s essential that you’re constantly backing up your information. The main goal of these people is to get money from you, so while you should be concerned about what they have, there’s not too much to worry about it.

Make sure you are backing up your data as much as possible. It’s good to also back it up on an external hard drive, as ransomware can get into your cloud. While backing your data up everyday may be a bit overboard, it’s really not. Imagine the one day you don’t do it is the day you get hit with a ransomware attack. But, if doing it everyday is too much for you, then just make sure you at least do a backup whenever you have new important data.

Don’t Pay a Dime

When you find out that you’ve been a victim of a ransomware attack, you’ll know pretty quickly. When you try to access your files, it will ask you to pay up by buying a bitcoin (or several). The first rule and the only rule is to not pay. If you’ve backed up your information, you’ll have nothing to worry about.

If you haven’t backed up your data, then that’s another story. Your options are a bit more limited. However, if the information they have isn’t so vital to you continuing on with your routine matters, then forget about it. After all, giving these guys money just enables them to keep doing what they’re doing. Also, there are occasions where people pay the ransom, only to find the files are inaccessible. Don’t fall into that trap.

The Bottom Line

Ransomware can happen to anyone, as can any other kind of cybersecurity attack. Of course, each type of attack has different ways of preventing it. But, when it comes to ransomware, the best way to prevent any attack is simply by backing up your information at all costs.

Perhaps you feel like you can, but the answer is no. When it comes to your network, you should never trust any device or any person without checking things first. What happens when an intruder who looks like someone or something you recognize gets in? Instead of kicking yourself for being so trusting, why not put that fence up from the very beginning?

This is known as “Zero Trust Level.” When companies are looking to install new devices, software, or even allow access for certain individuals at a company, absolutely everything should be verified first. It only takes one thing, one time, to breach your cybersecurity.

It’s Safe to Assume That Nothing is Trustworthy

In the real world, making assumptions about something is never a good thing. But, in the cyber world, it’s quite the opposite. As an administrator or an IT professional at a company, it’s imperative that you assume any device or person wanting to access your network has malicious intentions. While this may not always be true, if you don’t look at it this way, you could be making your company extremely vulnerable to an attack.

Welcome to the world of where assumptions get you ahead in life. The Zero Trust Network. If you ever get pop-ups or warnings every time you want to download an app on your phone, then you know what we’re talking about. Of course, when it comes to your company’s entire network, it’s a little bit different…a little bit more serious. The warnings you want to have may not always be there, and therefore it’s your job to protect your data as best you can, even when you’re not around to do so.

Understand the Roots of the Zero Trust

Zero Trust Level was started when perimeter-centered security strategies were no longer effective. This kind of approach became quickly outdated, and networks with information to protect needed something to keep up. Not too long ago, it seemed as though the people or devices you let in were trustworthy enough. However, we’ve seen over time that that’s not quite the case. That being said, there are always hackers that can pose as the most trustworthy of people or devices.

Zero Trust was started by Forrester Research. It’s guiding principle is that there is no default trust for any entity, whether it be a living or non-living thing. With Zero Trust, you can reduce the exposure of vulnerable systems. This program understands your network specifically and everything involved within that network, unlike a VLAN, which can’t inspect your traffic for threats.

How to Set Up a Zero Trust Network

“Never trust-always verify.” You remember this, you’re already on the right path. The Zero Trust idea is actually a form of architecture that if you follow correctly, will help protect your data to the fullest. However, there are certain steps you need to follow.

Step One: Identify what portions of your network you need to protect. Don’t leave anything out. There’s no right or wrong here. If you think something is valuable enough to protect, then you better do so.

Step Two: Develop your trust boundaries. Decide at what point someone or something has essentially “broken your trust.” This could be something like attempted access from “countries of interest.” When those boundaries are crossed (or before they are crossed), IT teams can deploy Zero Trust segmentation gateways to the right places before a breach occurs.

Step Three: Implement and grow. Once you implement your Zero Trust program, it’s crucial that you keep an eye on your data at all times. Networks always grow and change, as do the people and devices who may or may not have access to that intellectual property. Always watch what’s going on around your network so you can make sure Zero Trust architecture is there to protect you whenever.

In other words, you need to help it to help you.

The fact of the matter is, you can never trust anyone or anything fully, especially when it comes to your information. Live by the Zero Trust Level policy, and you’ll be alright.

Whether you think so or not, all the data your company possesses is sensitive information that needs to be protected. It doesn’t matter if you’re a small business or a multi-billion dollar company. A data breach of any kind can cause seriously problems.

Fortunately, there are ways to make your company’s data more secure by taking preventative measures. One of these measures involves running security assessments every quarter. If you’re not doing this already, then you’re making a mistake. Here’s why.

There Are Too Many Ways for a Network to Be Compromised

There isn’t just one way for a security breach to happen in your company’s network. Nowadays, companies are way more at risk than ever before. Viruses can come from all kinds of places and people, and they often go unnoticed or are untraceable. They can come in the form of emails, trojans, worms, malware, “command and control” and others. It’s really not possible for one company to try and stay on top of every potential risk. That’s why you need to run security assessments often.

Constant Security Protects Your Business

If your company’s network and data gets damaged, that’s one thing. But, these are not the only reasons why a company should be frequently running security checks. There are also business reasons. It’s important to monitor employee activity, to make sure no one is exposing the company to risks. It’s also important to make sure your system isn’t being slowed down by bandwidth abuse, or that pirated software isn’t being downloaded.

Firewalls and Other Tools Alone Simply Aren’t Enough

Yes, most computers come with tools that help block off these risks, but it’s just not enough. Why? Because every tool you use, even if it’s extremely reliable, needs to be constantly monitored. Once one problem is attacked, it’s likely another will appear very soon. A security check up every quarter helps to make sure everything is working properly, regardless of the specific tools you’re using.

The Assessments We Do Are Always Detailed

We get it. Even if you run security assessments as often as you’re supposed to, all that mumbo jumbo can be rather confusing for companies who don’t have the resources to understand it. Luckily, the assessments we provide are extremely detailed. They provide reports on security risk, security policy, share permission, outbound security, and external vulnerabilities. If that’s overwhelming for you, don’t be alarmed. We’re here to help you analyze all of this.

Running Security Assessments Helps Your Business Run Smoothly

Dealing with a security breach after it’s already happened can cause major losses for your company. By preparing your company to take on risks before they come, you’ll be helping yourself out tremendously. Running security assessments frequently, prevents any surprises from happening. You’ll be able to catch things as they come, and significantly minimize the chances of those losses from happening.

The Risk of Not Doing It Costs More Than Doing It

One of the biggest reasons companies don’t invest more in cybersecurity is because they just don’t think it’s necessary. This may because they don’t feel like they have much at stake to lose, or they feel their money should go elsewhere. Other companies see it as something they’ll deal if and when it happens.

But, we say, why take the risk? Running security assessments every so often will save you a lot of money in the long run. Here at Smeester & Associates, we offer recommendations and services to make your data more secure, at a price that’s affordable. The rate we offer is not even comparable to what you’d pay if you had a breach that could have otherwise been caught beforehand.

Don’t take any risks. Your company’s data needs to be protected. Run a security specific assessment every quarter, and take on those red flags before they hit you.

Here’s a riddle: How does a mobile strategy turn from a gleaming skyscraper touching new heights of business productivity into a towering inferno? The answer: a poor mobile security foundation.

As the average mobile device gets more minuscule in the form of wearables and whatever technology comes next, many organizations need to go back to the basics of mobile security. That is one of the lessons Tyler Shields of Forrester Research recently shared in a mobile security video series.

Enterprise Mobility Management Needs to Start Somewhere

In an ideal world, a nefarious individual could steal a corporate tablet or smartphone and walk away without an ounce of sensitive data. However, we don’t live in that world. As Shields stated, “Mobile devices are interconnected; they connect back to corporate environments, they have data — important and sensitive data — saved on the device.”

While the mobile conversation should shift toward enterprise mobility management, which protects mobile data, apps, content and network file share access, this might be too much mobile mayhem for lean IT departments to manage out of the gate.

Mobile device management (MDM) is still the foundation that keeps those next steps aloft and stable. Or, it could be, since the right MDM system can easily scale mobile data, apps and content management in the same control panel.

Older Mobile Security Foundations Faltering

Some previously ironclad mobile device security solutions are starting to rust from a lack of updates or cumbersome installations. Those options are merely kept operating inside companies for fear of the dreaded migration downtime.

It’s a valid fear for IT and chief information security officers (CISOs), since their customers are looking at their mobile devices more than 200 times a day. Imagine a whole workforce paralyzed each time Apple, Google or Microsoft made an OS update. You don’t need to imagine it — with older MDM solutions, downtime is a deliverable versus an anomaly.

As the average mobile device gets more minuscule in the form of wearables and whatever technology comes next, many organizations need to go back to the basics of mobile security.

Real Mobile Device Management for Real Device Security

In the event of the inevitable mobile security ticket exclaiming, “Help, I lost my phone!” the following is what MSPs should seek for security surety in an MDM vendor:

One Window to Manage Every Mobile OS

It seems simple, but this is a big miss for many organizations. Even if you only prescribe to one OS for corporate-issued devices, bring-your-own-device (BYOD) happens regardless of whether the company sanctions it.

Mobile security, like all IT security, should bask in standardization. Cross-platform MDM ensures a CISO’s desire for eight-character alphanumeric password compliance is the same for iPhones and Androids alike.

Remote Locate, Lock, Block and Wipe

Just as you don’t need a flamethrower to kill a housefly, overly draconian responses to lost devices could obliterate the workforce’s fervor for mobile freedom. More often than not, mobile devices simply get lost. Wiping all the data of a device stuck between the couch cushions is simply unnecessary.

With MDM, you can use options on the Web to first see whether the device is truly gone. In a scenario in which a stranger may have accidentally grabbed the wrong phone, a simple lock and block will keep corporate secrets safe until an amiable exchange can be made. In the worst-case scenarios, in which the device and company data are at risk, the device can be wiped in a few seconds once the command is delivered.

Device Security Extras

If an organization needs a higher standard of secrecy or specialization, MDM options truly abound. Geofencing can shut off features from cameras to texts for areas of research and development secrecy. In retail and other shared device environments, kiosk mode can keep devices dedicated to a business-only app such as point-of-sale tools or catalogs.

Before you balk and say MDM or any device security isn’t for your company, it is important to remember that emails are corporate data, work files are often stored in Dropbox (with a recent data breach) and the odds against losing a piece of work hardware grow exponentially as the technology shrinks in size.

Ah..the old “break/fix” model. The one where customers call up a service when they have a problem, so they can be helped over the phone or eventually have the service visit their office. This is the model that is completely counterproductive. The model that no longer makes any sense to keep using. The one that should never be used again if you’re an IT decision maker at your company.

If you’re still relying on the break/fix model at your business, it’s time to dismiss it and swap it for something way more useful. Here’s why.

It’s Reactionary and That’s Not Good

The break/fix model wastes time, and as most businesses are fully aware, time is money. Every time you have an IT issue and you have to call someone up to help you troubleshoot a problem, your business is at a standstill. Nothing can be done until the problem is fixed. Whether it’s because you can’t access a file in your system or your whole network is down, it’s affecting your business minute by minute.

Ultimately, the break/fix model is outdated. It’s reactionary. It once worked well, but now with more advanced technologies, more complex problems can arise. That being said, there are many IT services companies now have the ability to fix these kinds of problems before they even occur. They work on a preventable basis, making repairs before “the lights go out,” usually without anybody knowing a problem occurred.

After all, why would you take the car when a train is way faster and less expensive? Catch our drift?

It Doesn’t Look Good for Your Customers

Companies who are still using the break/fix model can be causing a lot of tension between themselves and their customers. Let’s say you’re a doctor, and all of a sudden, your system is down. You can’t access your patients’ files. You can’t send over a prescription for a patient who is calling in with extreme pain. While not every business is a doctor’s office, you can see how a small IT problem can quickly cause your customers to suffer. Now, you need to wait on the phone for someone to help you. All this time wasted can really make your customers think less of you, despite it not being your fault.

Or, is it? By relying on the break/fix model, you’re automatically doing your customers a disservice, even if everything is working at the present moment.

The Break/Fix Model Isn’t Helping You, Either

If your customers have to be on hold while you’re waiting for your system to be back up and running again, you are losing money and you’ve shot a good reputation. Sometimes, this “hold” can take anywhere from a few hours to a few days. Every second the clock ticks, money is being lost. In addition to that, you’re also going to have to pay money to the company that’s doing the repairs and who knows how much that’s going to cost? Nobody in business has said they prefer unpredictability!

Yes, problems happen. People aren’t perfect, and businesses are certainly not, either. Not everything is preventable. But, is the break/fix model something you think you want to keep using, or that you even have the option of using? You can help yourself by ditching the break/fix model immediately.

The Bottom Line

Because of these reasons, a majority of IT companies have switched over from the break/fix method to something much more reliable. If you’re an IT decision maker for your business, we’re here to tell you it’s time to do the same. Smeester & Associates will help manage your technology and fix problems BEFORE it happens. We do this all at an affordable rate, so you can go about your business worry-free.